Local User Authentication Failed When LDAP Server is Not Available

 Local User Authentication Failed When LDAP Server is Not Available


When we stop using the LDAP server and or somehow network disconnected from the LDAP server. We are unable to login into the server even from local user with the correct password. After reset the password also the local user is unable to log in or su to local user is denied.

Environment

  • RHEL 6
  • RHEL 7
  • RHEL 8
  • Centos and other GNU LInux

Issue

  1. Local user is unable to login system, LDAP server is unavailable
  2. Local user is unable to login system, AD server is unavailable
  3. Local user is unable to switch user 

Resolution

Change in file /etc/nsswitch.conf passwd option to:

# passwd: ldap [!SUCCESS=continue] files 

Root Cause

When we do the hardening of the server or system we configure nsswitch.conf file. So when the LDAP server is unreachable PAM fails to receive authentication information for the user due to this user failed to login.

Diagnostic Steps

If we log in from a remote user:

# test@test1  # ssh abc@somehost
abc@somehost's password:
Connection closed by 10.15.217.222 

If we log in from a local user:

# [abc@somehost ~]$ su - abc
Password:
su: incorrect password 

Maybe you need to start system-daemon. But it is not necessary it works without it. 

Now you have successfully logged in to the system with the local user to which you were not able to log in.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top